David Yu
d118f7a0c7
Bump supported chart to 0.27.0 for Consul 1.9 ( #9279 )
...
* Bump supported chart to 0.27.0 for Consul 1.9
2020-11-26 00:33:54 +00:00
Mike Morris
3ee6d1c14f
Merge branch 'release/1.9.x' into release/1.9.0
2020-11-24 14:50:39 -05:00
Mike Morris
a05909b3c3
website: remove prerelease banner
2020-11-24 14:46:16 -05:00
Mike Morris
dbb1249f13
Merge branch 'stable-website' into release/1.9.0
2020-11-24 14:44:53 -05:00
David Yu
8d374fa9fa
docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix ( #9263 )
...
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix
Adding 1.9.x and link to Envoy compat matrix
2020-11-24 18:51:06 +00:00
David Yu
687d504214
docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix ( #9263 )
...
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix
Adding 1.9.x and link to Envoy compat matrix
2020-11-24 18:51:01 +00:00
Kit Patella
727780140e
Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
...
Telemetry/fix missing and stale docs
2020-11-23 21:34:59 +00:00
Kit Patella
146466a708
Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
...
Telemetry/fix missing and stale docs
2020-11-23 21:34:55 +00:00
Daniel Nephin
aa07128f46
Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
...
docs: mark streaming as experimental
2020-11-23 21:14:12 +00:00
Daniel Nephin
39b2a30c56
Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
...
docs: mark streaming as experimental
2020-11-23 21:14:08 +00:00
Freddy
ff5215d882
Require operator:write to get Connect CA config ( #9240 )
...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-23 06:27:20 -07:00
Sabeen Syed
b82317d506
Update NIA architecture image ( #9180 )
2020-11-23 07:49:22 +00:00
Sabeen Syed
97b26f19c7
Update NIA architecture image ( #9180 )
2020-11-23 07:49:17 +00:00
Kit Patella
fe6ef7e414
Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
...
Telemetry/fix missing and stale docs
2020-11-20 20:55:51 +00:00
Kit Patella
6e607d7cd3
Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
...
Telemetry/fix missing and stale docs
2020-11-20 20:55:45 +00:00
Freddy
4e44341d36
Require operator:write to get Connect CA config ( #9240 )
...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 16:50:17 -07:00
R.B. Boyer
140c220131
[1.9.0] command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint ( #9230 )
...
Manual backport of #9229 into 1.9.0 branch
Fixes #9215
2020-11-19 15:33:41 -06:00
R.B. Boyer
32f6d17e5d
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint ( #9229 )
...
Fixes #9215
2020-11-19 21:28:09 +00:00
Freddy
5137e4501d
Require operator:write to get Connect CA config ( #9240 )
...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 17:15:17 +00:00
Kit Patella
b2a6b9d5c7
Merge pull request #9091 from scellef/correct-upgrade-guide
...
Correcting text on when default was changed in Consul
2020-11-19 00:55:56 +00:00
Kit Patella
f3380b1c43
Merge pull request #9091 from scellef/correct-upgrade-guide
...
Correcting text on when default was changed in Consul
2020-11-19 00:55:51 +00:00
Mike Morris
c2c8528073
website: update download callout for v1.9.0-rc1
2020-11-18 18:38:06 -05:00
Mike Morris
54fcfec78c
Merge branch 'stable-website' into website/1.9.0-rc1
2020-11-18 18:35:01 -05:00
Matt Keeler
dfaaa0b73a
Refactor to call non-voting servers read replicas ( #9191 )
...
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 15:54:38 +00:00
Matt Keeler
aa45e343b5
[docs] Change links to the DNS information to the right place ( #8675 )
...
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 15:03:32 +00:00
Matt Keeler
1f0007d3f3
[docs] Change links to the DNS information to the right place ( #8675 )
...
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 15:03:27 +00:00
Luke Kysow
35191ac381
Docs for upgrading to CRDs ( #9176 )
...
* Add Upgrading to CRDs docs
2020-11-13 23:20:11 +00:00
Luke Kysow
9050263072
Docs for upgrading to CRDs ( #9176 )
...
* Add Upgrading to CRDs docs
2020-11-13 23:20:07 +00:00
Kyle Schochenmaier
4142a8b86a
Docs: for consul-k8s health checks ( #8819 )
...
* docs for consul-k8s health checks
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:09 +00:00
Kyle Schochenmaier
ba82eab3fb
Docs: for consul-k8s health checks ( #8819 )
...
* docs for consul-k8s health checks
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:05 +00:00
Nitya Dhanushkodi
246bb7123e
Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
...
Update Helm compatibility matrix
2020-11-12 22:55:06 +00:00
Nitya Dhanushkodi
b6459fe725
Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
...
Update Helm compatibility matrix
2020-11-12 22:55:02 +00:00
R.B. Boyer
f815014432
agent: return the default ACL policy to callers as a header ( #9101 )
...
Header is: X-Consul-Default-ACL-Policy=<allow|deny>
This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 16:39:16 +00:00
Paul Banks
b4cb9155d8
Update ui-visualization.mdx
2020-11-12 15:53:51 +00:00
Matt Keeler
1f4da2ae9d
Add a CLI command for retrieving the autopilot configuration. ( #9142 )
2020-11-11 18:19:32 +00:00
Mike Morris
9c989fef4d
Merge pull request #9155 from hashicorp/release/1.9.0-beta3
...
merge: 1.9.0-beta3
2020-11-11 12:55:23 -05:00
Joel Watson
85595ab3ea
docs: add warning in 0.9.0 upgrade notes
2020-11-11 14:24:45 +00:00
Mike Morris
e34b7d0b1b
website: update callout to 1.9.0-beta3
2020-11-09 16:16:34 -05:00
Matt Keeler
f2dee21aca
Add some autopilot docs and update the changelog ( #9139 )
2020-11-09 19:15:12 +00:00
Matt Keeler
8539565046
Merge pull request #9103 from hashicorp/feature/autopilot-mod
...
Switch to using the external autopilot module
2020-11-09 16:30:48 +00:00
Mike Morris
4f1d2a1c56
chore: upgrade to gopsutil/v3 ( #9118 )
...
* deps: update golang.org/x/sys
* deps: update imports to gopsutil/v3
* chore: make update-vendor
2020-11-07 01:49:01 +00:00
Paul Banks
ec31918507
UI Metrics documentation ( #9048 )
...
* UI Metrics documentation
* Update website/pages/docs/connect/observability/ui-visualization.mdx
* Fix some review comments
* Fix review comments
* Apply suggestions from code review
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-06 20:33:08 +00:00
Kim Ngo
7489cacb52
Fix NIA doc links ( #9110 )
...
fix config link and anchor
2020-11-05 19:37:18 +00:00
Kim Ngo
a9af74d339
docs: Add links in CTS docs for the community to get involved ( #9060 )
2020-10-29 15:09:41 +00:00
Daniel Nephin
7b9ee25956
Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param
...
streaming: rename config and remove requirement for cache=1
2020-10-28 12:33:25 -04:00
Daniel Nephin
62c9124011
docs: Add the new metrics to telemetry.mdx
2020-10-27 16:49:50 -04:00
Kevin Pruett
5637683f5d
Merge pull request #9021 from hashicorp/pruett.alertbanner-exp
...
Expose `expirationDate` prop in <AlertBanner/>
2020-10-26 16:08:23 -04:00
Kim Ngo
47009930a2
NIA: add Terraform version compatibility ( #9023 )
2020-10-26 09:46:34 -05:00
Daniel Nephin
853667e7d8
health: change the name of UseStreamingBackend config
...
Remove it from the cache section, and update the docs.
2020-10-23 17:47:01 -04:00
Kevin Pruett
6a946ec6e4
Expose `expirationDate` prop in <AlertBanner/>
2020-10-23 11:19:41 -04:00